About kthelen

I'm the owner of this here operation

Hosting upgrade complete

Well, it’s done. Everything was moved smoothly onto the new server. A few users may need to reset their password; outside of that it should have been seamless.

I’d elaborate on the details – but who cares? More space for everybody!

Hosting upgrade on the way

Demand for Web hosting is on the rise. Our new WordPress self-manageable sites are a hit. And an upcoming partnership with KBI to provide free Web hosting for area small businesses is on the horizon. Take it all in, and suddenly that shiny new Web server we moved into three years ago is looking a little undersized.

So it is that we’ve begun the latest in our long string of Web server upgrades. But unlike last time, this move isn’t being brought on by any calamity. On this go-round, we have the time and flexibility to make it a smooth transition for all involved. Chances are you won’t even notice the change. (Unless you’re a WordPress user – in which case you’ll likely enjoy a larger disk space quota.)

If you have any questions, contact us. If we have any concerns about moving your site, we’ll contact you. And as the next few weeks pass, we look forward to seeing you on the new server.

Minimalist’s guide to NetBoot

I recall my fourth grade teacher giving a lesson on issuing directions. He asked every student to write down, with exacting detail, the steps involved in making a peanut butter and jelly sandwich. Then he gathered all the ingredients and attempted to execute the directions. Of all the kids in the class, I came closest to directing him towards making an edible sandwich… but unfortunately I forgot to instruct him to remove the second piece of bread from the bag. The result was as you’d expect: he smeared the PB&J onto the slice of bread while it was still in the bag, going forward as if nothing was wrong. Hilarious at the time, but the point was made.

Turns out that lesson had an application that neither I nor the teacher realized at the time: as a metaphor for various types of programming, and computers in general; the most literal embodiment of “do what I say, not what I mean”. Many of my classmates might have gotten farther had they remembered to include their dependencies in the beginning (you can’t apply jelly if you don’t get jelly first).

And so it was with configuring a generic NetBoot server. There are many ‘NetBoot from a Linux box’ type documents out there, but it seems they all fail to mention at least one key thing you wouldn’t know if you didn’t have a machine running OS X Server to refer to. It was for that reason that I’d been shying away from configuring NetBoot on my network for quite some time.

Recently I came upon a situation where I needed to image a bunch of Macs in a hurry, and NetBoot was the only tool for the job. So I waded through the myriad of tools and documentation, and whittled it all down to the few steps below. Turns out it’s not so bad once you dig down to the right details.

All the most crucial, NetBoot-specific details are outlined below… no bells and whistles, just the things you need to get a Mac booting from your *NIX box. If you’re comfortable with the process of using PXE to feed bootloaders and kernels to PCs (as I am), you’ll have no problem getting NetBoot to work. If not, just follow the directions carefully.

 

tl;dr – There’s no magic in OS X Server that makes NetBoot work… just incorporate the config snippets below and you’re golden.

 

What you’ll need:

  • A DHCP server. I used ISC dhcpd; if you prefer something else, chances are you’ll be able to translate.
  • A TFTP server. From what I can tell, any one will do.
  • An NFS server. Again, nothing fancy is required. (HTTP can also be used, but isn’t covered here)
  • Mac OS X install media. I chose to use the DVD for 10.5, since it supports booting both PowerPC and Intel Macs.
  • Server Admin Tools. Freely available from Apple’s website – download the version which matches your install media (above).
  • A Mac. Used to gather the needed pieces and create images. (In the future I’d like to reverse-engineer the process, thus eliminating the need for a running Mac and make the process more flexible)

How to do it:

I’ll spare you all the details of prepping your *NIX box and installing the services above. You’re no idiot, and chances are you’re already running most of them anyways. The idea here is to integrate NetBoot into your (most likely) existing network, so we won’t waste time reinventing the wheel.

Make the NetBoot set. Download and install the Server Admin Tools. Once that’s done, look inside Applications -> Server for the System Image Utility. Mount your OS X install media, and run the utility.

Once the utility starts, you’re just a few clicks away from creating a NetBoot set – which will include the bootloader, kernel, driver cache, and disk image you need to boot a Mac over the network. So get clicking!

After a while, you’ll be left with a directory like this:

In my case, there’s one disk image and two sets of bootloader/kernel/drivers – one for PowerPC, and one for Intel. There’s also an XML property list, which I assume would provide the set description that an OS X Server would expect to find. (Since we have no such thing, this file is useless and can be ignored.)

TFTP prep. The contents of the “i386” and/or “ppc” folders are retrieved by the Mac via TFTP. I made a folder called “mac” within my TFTP root, then placed the “i386” and “ppc” folders within it. Make sure the permissions are correct, and you’re good to go.

NFS prep. Once the Mac has its bootloader, kernel, and drivers, it’s going to need to mount the disk image and finish booting from it. This image can be accessed via NFS – so we’ll make an NFS share and place the image within it. Edit your /etc/exports to add a line like this:

/export/nbi 10.22.0.0/24(async,ro,no_root_squash,insecure,no_subtree_check)

In my case, I wanted to limit access to just the local network. You can adjust yours to your liking.

Needless to say, this directory should contain the disk image (“NetInstall.dmg” in this example), and both it and its contents should be world readable.
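An added example, not part of the original post: a small check that parses an /etc/exports line like the one above and reports which clients can reach the image and which permissive options are set. The audit_export helper and its finding names are made up for illustration.

```python
import ipaddress
import re

# One client token: optional host/network spec, optional "(opt,opt,...)".
_CLIENT = re.compile(r"(?P<host>[^\s()]*)(?:\((?P<opts>[^)]*)\))?")


def audit_export(line, allowed_net):
    """Return (client, finding) tuples for one /etc/exports line.

    allowed_net is the network the NetBoot image is meant to be served to.
    Finding names are hypothetical labels chosen for this example.
    """
    allowed = ipaddress.ip_network(allowed_net)
    fields = line.split("#", 1)[0].split()
    if not fields:
        return []                          # blank line or comment only
    if len(fields) == 1:
        return [("*", "any-host")]         # a bare path is exported to everyone
    findings = []
    for token in fields[1:]:               # fields[0] is the exported path
        m = _CLIENT.fullmatch(token)
        if m is None:
            findings.append((token, "unparsable"))
            continue
        host = m.group("host") or "*"      # "(opts)" with no host means everyone
        opts = set(filter(None, (m.group("opts") or "").split(",")))
        if host == "*":
            findings.append((host, "any-host"))
        else:
            try:
                net = ipaddress.ip_network(host, strict=False)
            except ValueError:             # hostname, netgroup or wildcard pattern
                findings.append((host, "unverifiable-host"))
            else:
                if net.version != allowed.version or not net.subnet_of(allowed):
                    findings.append((host, "outside-allowed-net"))
        if "rw" in opts:
            findings.append((host, "writable"))
        if "no_root_squash" in opts:       # client root keeps uid 0 on this export
            findings.append((host, "no_root_squash"))
        if "insecure" in opts:             # unprivileged source ports are accepted
            findings.append((host, "insecure-ports"))
    return findings


if __name__ == "__main__":
    # The export line from this post, checked against the network it names.
    page_line = "/export/nbi 10.22.0.0/24(async,ro,no_root_squash,insecure,no_subtree_check)"
    for client, finding in audit_export(page_line, "10.22.0.0/24"):
        print(client, finding)
```

On the line from this post it reports only no_root_squash and insecure-ports: the export is read-only and scoped to 10.22.0.0/24, so neither the scope check nor the writable check fires.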

DHCP changes. Below you’ll find the relevant portions of my dhcpd.conf – look it over, and modify yours as such.

ignore client-updates;
allow booting;
authoritative;

class "AppleNBI-i386" {
    match if substring (option vendor-class-identifier, 0, 14) = "AAPLBSDPC/i386";
    option dhcp-parameter-request-list 1,3,17,43,60;
    # dhcp-message-type 1 is DHCPDISCOVER
    if (option dhcp-message-type = 1) { option vendor-class-identifier "AAPLBSDPC/i386"; }
    if (option dhcp-message-type = 1) { option vendor-encapsulated-options 08:04:81:00:00:67; }
    # Bootloader path, relative to the TFTP root
    filename "mac/i386/booter";
    # NFS server, export, and the disk image within it
    option root-path "nfs:10.22.0.2:/export/nbi:NetInstall.dmg";
}

class "AppleNBI-ppc" {
    match if substring (option vendor-class-identifier, 0, 13) = "AAPLBSDPC/ppc";
    option dhcp-parameter-request-list 1,3,6,12,15,17,43,53,54,60;
    option vendor-class-identifier "AAPLBSDPC";
    # dhcp-message-type 1 is DHCPDISCOVER, 8 is DHCPINFORM
    if (option dhcp-message-type = 1) { option vendor-encapsulated-options 08:04:81:00:00:09; }
    elsif (option dhcp-message-type = 8) { option vendor-encapsulated-options 01:01:02:08:04:81:00:00:09; }
    else { option vendor-encapsulated-options 00:01:02:03:04:05:06:07; }
    # Bootloader path, relative to the TFTP root
    filename "mac/ppc/booter";
    # NFS server, export, and the disk image within it
    option root-path "nfs:10.22.0.2:/export/nbi:NetInstall.dmg";
}

Be sure to change the “filename” and “root-path” lines to reflect your configuration.
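An added example, not part of the original post: a decoder for the vendor-encapsulated-options (option 43) byte strings used in the dhcpd.conf above, so you can see what each one tells the Mac and catch a mistyped string before a client does. The sub-option names, message types and boot image ID layout are assumptions taken from Apple's BSDP documentation; the post does not define them.

```python
import struct

# Sub-option numbers, message types and image-ID layout are assumptions based
# on Apple's BSDP documentation; the post itself does not define them.
BSDP_TAGS = {1: "message_type", 2: "version", 3: "server_identifier",
             4: "server_priority", 5: "reply_port", 7: "default_boot_image",
             8: "selected_boot_image", 9: "boot_image_list"}
MESSAGE_TYPES = {1: "LIST", 2: "SELECT", 3: "FAILED"}
IMAGE_KINDS = {0: "Mac OS 9", 1: "Mac OS X", 2: "Mac OS X Server", 3: "Diagnostics"}


def decode_image_id(raw):
    """Split a 4-byte boot image ID into install flag, OS kind and index."""
    (value,) = struct.unpack("!I", raw)
    attrs, index = value >> 16, value & 0xFFFF
    return {"install": bool(attrs & 0x8000),
            "kind": IMAGE_KINDS.get((attrs & 0x7F00) >> 8, "unknown"),
            "index": index}


def decode_option43(hex_string):
    """Decode a colon-separated option 43 value into (name, value) pairs.

    Raises ValueError when a sub-option is truncated or has the wrong size.
    """
    data = bytes.fromhex(hex_string.replace(":", ""))
    decoded, pos = [], 0
    while pos < len(data):
        tag = data[pos]
        pos += 1
        if tag == 0:        # pad byte, carries no length field
            continue
        if tag == 255:      # end marker
            break
        if pos >= len(data):
            raise ValueError(f"sub-option {tag}: length byte missing")
        length = data[pos]
        value = data[pos + 1:pos + 1 + length]
        pos += 1 + length
        if len(value) != length:
            raise ValueError(f"sub-option {tag}: {length} bytes declared, {len(value)} present")
        name = BSDP_TAGS.get(tag, f"unknown_{tag}")
        if tag == 1:
            if length != 1:
                raise ValueError(f"message_type must be 1 byte, got {length}")
            decoded.append((name, MESSAGE_TYPES.get(value[0], f"unknown_{value[0]}")))
        elif tag in (7, 8):
            if length != 4:
                raise ValueError(f"{name} must be 4 bytes, got {length}")
            decoded.append((name, decode_image_id(value)))
        else:
            decoded.append((name, value.hex()))
    return decoded


if __name__ == "__main__":
    # The three option 43 strings from the dhcpd.conf above.
    for s in ("08:04:81:00:00:67", "01:01:02:08:04:81:00:00:09", "00:01:02:03:04:05:06:07"):
        try:
            print(s, "->", decode_option43(s))
        except ValueError as err:
            print(s, "-> malformed:", err)
```

The first two strings decode to a selected boot image (install flag set, kind Mac OS X, index 103 for Intel and 9 for PowerPC), while the filler string in the PowerPC class's else branch does not parse as BSDP sub-options and is reported as malformed.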

Ready to run. Once you’ve got everything set, plug a Mac into the network (NetBoot doesn’t work over AirPort for obvious reasons) and turn it on while holding the “N” key. If all goes well, it’ll boot. If not, double-check your configuration. You may also want to hold down Command-V while booting – if the issues are occurring after the kernel is loaded, you’ll be able to see the machine’s console output and possibly diagnose the problem.

 

Broadband meeting + ISP list

If you didn’t happen to visit the Kanabec Broadband Initiative booth at the Home Show, you missed out on untold measures of fun and excitement. And if you didn’t happen to attend their Community Broadband Forum, your chance to witness history in the making has passed.

But though all the fun may be over, the documentation lives on. This is the ISP list we created for said events – a very valuable one-page flyer that was passed out at both events. It has current info on various Internet service providers that operate in the Mora area, including available speeds, prices, and pros/cons for different access mediums. We created it in hopes that it’ll make your quest to obtain broadband Internet access easier. Enjoy!

Oh, and by the way: Kanabec Systems is a member of the Kanabec Broadband Initiative group. That means we’ll be there to bring our customers’ perspectives and point of view to the table when the decisions are being made. We’re happy to be involved, and plan to do our part in bringing the promise of broadband closer to reality in rural Kanabec County.

Tips for choosing an ISP

At the request of the Kanabec Broadband Initiative group, I was updating our List of ISPs for 2011. There wasn’t room for the lengthy advice section anymore, so I had to chop it off of the print version. But it’s still good info – so I’m making sure it gets preserved here.

Some of the info is a little dated (first written in 2007), but most of it still applies today.

Who do we recommend? Tough call – they’re all good. If you are already a customer of one of these companies, you’ll probably want to stay there. If you want to switch, remember that the two telcos (Qwest and NorthStar) will only give you the rates shown if you have their phone service. If you live more than a mile or so out of town, Qwest may be your only choice. If you have need for additional Web services (such as website hosting, co-location, or wireless broadband) or insist on giving your business to small businesses only, go with NCIS.

Choose the kind of provider – ISP, ILEC, or CLEC – that you’re most comfortable with. After all, it all goes into the same Internet.

What should I watch out for? Be sure to ask lots of questions, and make sure that you are comfortable with the service you’re choosing.

Ask what kind of modem you’ll get. We highly recommend avoiding internal modems and/or any modem whose only interface is USB. Don’t be too quick to judge, though – some providers’ modems will primarily discuss USB in their documentation, but will still support Ethernet (which is far more desirable, especially for use with older or multiple machines). Qwest’s new modems are a prime example of this.

Ask how the modem is paid for – do you buy it, lease it, or is it included in the service price? What happens if it should break down? Are there any restrictions on how you can or cannot use it (i.e., only on one computer at a time)?

Avoid services that require proprietary software be installed on your computer, as such a setup limits flexibility. It is our opinion that an Internet connection should not come with minimum requirements (outside of having an appropriate hardware interface and TCP/IP support) or force you to run extra software (other than a PPPoE client or similar). Having a connection that requires proprietary software may limit your ability to use the connection directly on your older computer, and will almost always prevent you from using off-the-shelf networking products (such as routers) directly with the connection.

Also, be aware that proprietary software is often (but not always) optional. For instance, Qwest’s MSN software only provides access to enhanced content, and is not required to get on the Internet.

Examples of GOOD modems would be: NCIS.com’s Netopia modem/router combination devices (the standard issue), Qwest’s new ActionTec modem/router combo devices (also standard), and NorthStar’s basic Ethernet-based modems.

You should also inquire about installation charges and any other non-obvious fees, as well as whether or not the price offered is part of a promotion, and how much the service fee will be after the promotion ends. Qwest is known for offering lots of promos (free installation, special pricing for the first year, etc). NorthStar isn’t a stranger to such deals either, but doesn’t use them quite as widely or frequently. NCIS.com does not typically run any promos, but they sometimes are willing to negotiate their pricing.

Be sure to read and understand the provider’s Acceptable Use Policy before signing the contract. Some providers may place restrictions on the amount of data you can transfer, what applications you may and may not run, and so forth. Also, find out how long your contract will be, and if there’s a trial period during which you may cancel the service if it doesn’t work as you expected.

If you will be using the connection in conjunction with any Kanabec server solutions, for running other servers of any sort, as a VPN endpoint, or to access a corporate network from home, ask whether or not you’ll get a static IP address, and if it costs extra. NCIS.com and NorthStar assign static IPs for all their customers at no additional cost; Qwest will lease them for $5.99/mo and charges a $25 fee to do the setup.

Once it’s complete, the List will also be linked here.

A new kind of phishing

Well, so much for the Nigerian prince schemes – those wild ‘n crazy foreign scammers have finally gotten a little smarter. Take, for instance, the message I received this morning from a “customer”:

I’m in some kind of deep mess right now,my family & i came down here to London,England for a short vacation to visit a resort and got mugged at gun point last night at the park of the hotel where we stay.All cash,credit cards and cell were stolen off me.I’ve been to the  embassy and the Police here but they’re not helping issues at all,our flight leaves today and I’m having problems settling the hotel bills.

The hotel manager won’t let me leave until i settle the hotel bills(1,550GBP) now am freaked out.Please reply and let me if can you have the money wire to me through western union i promise to pay back as soon as i get back home.

Thanks so much,
Kate

Now, the message itself isn’t exactly gold – on the one hand, I know the purported sender to have far better grammar and spelling skills; but on the other hand, a person in panic writing quickly could make such mistakes. Likewise, the message’s headers were clearly (and poorly, might I add) forged.

But the message did have one unique redeeming quality – the signature (“Thanks so much, Kate”). It’s a small touch… but even I had to look twice when I first saw the message. It added a hint of possible legitimacy that just doesn’t exist in other high-volume phishing attempts I see every day.

See, this person ends many of their non-formal emails with “Thanks so much, Kate” (name changed). About the only way to know this would be to have seen one of their outgoing messages. Since there are dozens of them published in their mailing list archives – which are publicly accessible, indexed by Google, and viewable by anyone who cares to dig them up – I’m betting that’s how it was found. The fact that this person otherwise goes by a longer version of their name helps confirm my suspicions.

What may seem like four little words are, in this case, actually a small piece of “insider information” that may cause less skeptical people to hit the Reply button.

Speaking of Google, a quick search revealed that this tactic (along with the same exact message) is gaining popularity. It also seems that our scammer is greedier than the average; most examples only ask for 1,000 pounds.

At any rate, the moral of the story is: be cautious. They’re getting just a little bit smarter every day.

An icon you’ve never seen before

This would be the floppy disk icon on the Mac OS X desktop, as displayed on a brand-spankin’-new MacBook running 10.6.4.

We’ve seen this icon a few times back in the early days of OS X – you know, when beige Macs were still a common sight. (Yes, kids, Macs never used to be made out of aluminum.)

Back then, customers would routinely try and talk us into “tricking” the latest build of, say, 10.1.x, into running on their Power Mac 7300 with 128MB of RAM and a Sonnet Presto G3 card – and sometimes we would. Such machines actually had floppy drives built into them, so on the rare occasion when someone would insert a floppy disk, said icon would appear on their desktop. Even then we were a bit surprised not to see the generic “white drive” icon instead.

But today, as we connected a USB SuperDisk drive to a thoroughly modern Intel Mac, we were utterly shocked to see it. No AppleTalk, no Rosetta… but yet somehow the floppy icon lives on.

Now if only the Happy Mac would once again show its smiling face, or we could be lulled to the beat of a thousand flying toaster wings on these new Macs, all would be right in the world again.

Or maybe not. (But we still want to see After Dark get ported… hint, hint!)

iMac fan control: quick, dirty, effective

One of the Intel iMacs we use here at the shop needed a new hard drive this week. Turns out the old drive was one of those that contains a built-in temperature sensor, and the new drive wasn’t (see this for the complete lowdown). End result? The SMC no longer knew what the drive’s temp was, panicked, and ran the hard drive fan on full speed – continuously. The noise was bothersome at best, and deafening at worst.

If this had been a customer’s machine, we would’ve cracked it back open and installed one of the many sensors we’ve saved from junk iMac G5s and other such machines. But since ripping the Mac apart again just wasn’t high on our list, we opted to solve the problem in software instead.

First, we took the smc utility (included with various fan-monitoring apps) and crafted a set of arguments for it that would limit the fan to running at a much more tolerable 2000 RPM. Then we wrote an XML file for LaunchServices that would run our command four times a minute (since the fan speed is re-set every time the machine powers off or goes to sleep, we need to ensure it never runs at full-speed for long). Hey, we said it was quick and dirty!

All in all, our hack did the job. It’s by no means elegant, but at least we can stop shouting over the fan noise.

There’s a ZIP file, which contains smc and our launchd script, at http://www.kanabec.net/blog/FanSpeed.zip. Feel free to use it at your own risk. Our settings are plenty safe for the machine in question, but could have unintended consequences if used with other models or configurations. You have been warned!

End of an era: raqpaq and scooby halted

The above picture was what you’d see if you entered raqpaq.kanabecsystems.com into your web browser’s address bar. That is, until 11pm last night.

It was at that time that our two remaining servers at NCIS – raqpaq, our former shared hosting server; and scooby.mnkids.net, the last remaining piece of the once-glorious Kidsnet system – were officially turned off for good.

This marks the end of an era… one which started nearly a decade ago with a humble Linux box serving pages for the Lone Pine community center, and which grew to consume a whole corner of the NCIS “datacenter” at its peak some five years ago.

Times change, though. NCIS isn’t what it used to be, and neither are we. Our needs have changed, and our customers’ expectations aren’t the same as they were a decade ago. Now sites are bigger, more dynamic, and relied on more so than ever. That’s why we put dala online… and that’s why we’ll probably keep expanding in the years to come.


scooby and the console, in its former home

But for today, give a nod to the tired iron that gave dozens of area establishments their Web presence for so many years. It’ll be torn apart and hauled back to our office next week for a much-deserved retirement on a shelf downstairs. Or perhaps to be reused again someday…

The new webserver: IT’S ALIVE!

Well, the new server (whose name is dala, by the way) is now up and running.

In fact, the page you’re seeing right now was served by it.

So far the transition has been fairly smooth. DNS changes propagated to all the major nameservers in a matter of two or three hours – lightning fast as compared to the usual 12-24 hours. Our password database was abandoned and the users were all moved by hand, but everything else was scripted and “automagically” took care of itself.

About the only config issue I ran into was with our MTA. I’ve always disliked Sendmail, mostly due to my lack of understanding it (but then, who can really claim to understand Sendmail’s arcane config-file format?). Even so, I could never quite bring myself to make the move to something more modern – “if it ain’t broke, don’t fix it”, right?

However, after spending a few hours struggling (and failing) to make Sendmail play nice with saslauthd on the new server, I finally threw in the towel. Now we run Postfix… and yes, it really *is* much nicer.

The last thing to be moved is the Mailman mailing lists and their associated archives, which is happening right now. So far so good!

Will this make all the customers happy? Tomorrow should give me a better idea of that… but for tonight, there’s still lots more non-server-related work to be done.

By the way: the admin interface is now at http://dala.kanabec.net/. If your password isn’t working, call and we’ll be happy to reset it for you.

And if you happen to be missing anything, don’t worry – the old server (raqpaq) is still running, and we can easily log into it for you and retrieve anything that might have been overlooked. Or you can dig around yourself… just telnet, FTP, SSH, or what-have-you to 63.160.14.236 and take your last look around. (We’ll be taking it down for the last time sometime later this week.)